Jamf Connect ZTNA Evaluation Guide
- Updated on 13 Jun 2024
Summary
After discussions with your Jamf account team, the team will provision access to the Jamf Connect product so that you can evaluate its capabilities against your needs. Use the following guide to review each feature of Jamf Security Cloud.
Disclaimer
Do not test these features in your production environment. We recommend evaluating Jamf Connect in evaluation environments.
Features of Jamf Connect ZTNA
Using a modern VPN on iOS, iPadOS, macOS, Android, and Windows, the Jamf Connect product can gate access to various applications and resources based on validation of the device's management state and security risk level. To review these capabilities, implement the following features within Jamf Security Cloud:
Feature | Description | Scope | Documentation Link(s) |
---|---|---|---|
Controlling access to Jamf distributed app | Configuring an access policy for the SaaS application “My IP on a Map” for ZTNA access to map.wandera.com | Global Policy or Group Policy | |
Controlling access to SaaS and custom SaaS applications | Configuring an access policy for any SaaS applications utilizing either pre-built templates or custom | Global Policy or Group Policy | |
End-user / admin Notifications | Notifying end-users of policy blocks via the end-user application and/or the customizable block pages via Jamf Security Cloud. | N/A | |
Build Dedicated Internet Gateways | Dedicated internet gateways route specified business traffic to the device through Jamf Security Cloud using a pair of IP addresses specific to your environment. | Global Policy or Per-app Policy | |
Access policies for custom enterprise apps | Configuring an access policy for any customer enterprise applications managed by a private network. | Global Policy or Per-app Policy | |
Device Risk-based Access Controls | Integrating Jamf Security Cloud’s Threat Prevention policy with ZTNA to ensure end-user devices are at appropriate risk level when accessing corporate applications. (Requires the purchase of Jamf Protect) | Global Policy or Per-app Policy | |
Restrict Access when Jamf Trust is disabled | When enabled, the user cannot access the application on their device when the Jamf Trust App is disabled. (Requires the purchase of Jamf Protect) | Global Policy or Per-app Policy | |
Device Management State-based Access Control | Prevent unmanaged devices from accessing the application. (Requires UEM Connect to be enabled in Jamf Security Cloud.) | Global Policy or Per-app Policy |
Features of Cloud Access Controls
Jamf offers the capability to set up access controls with certain compatible cloud providers to verify that only devices and users with Jamf Connect ZTNA are allowed to communicate with that environment.
This section is optional: complete it only if you have purchased and are using these cloud solutions and want to block access for all other devices. We recommend not implementing any of these controls against a production environment.
Feature | Description | Documentation Link(s) |
---|---|---|
AWS | Set login restrictions when devices need access to corporate AWS resources | |
Google Workspace | Set login restrictions when devices need access to corporate Google Workspace resources | |
Microsoft 365 | Set login restrictions when devices need access to corporate Microsoft 365 environments | |
Microsoft Exchange ActiveSync | Set login restrictions when devices need access to corporate Exchange servers | |
Okta | Set login restrictions when devices need access to Okta |
Features of Jamf Connect ZTNA Reporting
The following features report on the events related to the access rules tested above:
Feature | Description | Documentation Link(s) |
---|---|---|
Application Usage | Dashboard view of device access to each application defined in the Access Policy. | |
User Activity | Report on which users are active and which applications they access from their devices | |
Event Logs | Detailed event logs of end-user devices accessing defined corporate applications on a per-request basis. | |
Routing Analytics | Visual representation of all defined Access Policy (corporate app) connections based on user device, number of requests, routes defined, and applications accessed. |
After reviewing each of these features of Jamf Connect, reach back out to your Jamf account team to schedule next steps. Thank you for your time and attention to successfully securing your organization.